RSA NetWitness Logs. Microsoft Azure NSG (Flow Logs) Event Source Log Configuration Guide. Last Modified: Monday, February 26, 2018
- Simon Robinson
RSA NetWitness Logs
Event Source Log Configuration Guide

Microsoft Azure NSG (Flow Logs)
Last Modified: Monday, February 26, 2018

Event Source Product Information:
Vendor: Microsoft
Event Source: NSG (Flow Logs)
Versions: all

RSA Product Information:
Supported On: Security Analytics and later
Event Source Log Parser: cef
Note: The CEF parser parses this event source as device.type=msazurensg
Collection Method: Plugin Framework
Event Source Class.Subclass: Host.Cloud

This document contains the following sections:
- NSG Flow Logs in Azure
- Set Up Microsoft Azure NSG Event Source in RSA NetWitness

NSG Flow Logs in Azure

Network Security Group (NSG) flow logs are a feature of Network Watcher that allows you to view information about ingress and egress IP traffic through a Network Security Group. These flow logs are written in JSON format and show outbound and inbound flows on a per-rule basis, the NIC the flow applies to, 5-tuple information about the flow (Source and Destination IP, Source and Destination Port, and Protocol), and whether the traffic was allowed or denied.

While flow logs target Network Security Groups, they are not displayed in the same manner as the other logs. Flow logs are stored only within a storage account and follow the logging path as shown in the following example:

{subscriptionid}/resourcegroups/{resourcegroupname}/providers/microsoft.network/networksecuritygroups/{nsgname}/{year}/{month}/{day}/pt1h.json

Event Format

Flow log messages have the following format:
- time: The time when the event was logged
- systemid: Network Security Group resource ID
- category: The category of the event; this is NetworkSecurityGroupFlowEvent
- resourceid: The resource ID of the NSG
- operationname: Always NetworkSecurityGroupFlowEvents
- properties: A collection of properties of the flow, as follows:
  - Version: Version number of the Flow Log event schema
  - flows: A collection of flows. This property has multiple entries for different rules:
    - rule: Rule for which the flows are listed.
    - flows: a collection of flows
      - mac: The MAC address of the NIC for the VM where the flow was collected
      - flowtuples: A string that contains multiple properties for the flow tuple in comma-separated format
        - Time Stamp - This value is the time stamp of when the flow occurred in UNIX EPOCH format
        - Source IP - The source IP
        - Destination IP - The destination IP
        - Source Port - The source port
        - Destination Port - The destination port
        - Protocol - The protocol of the flow. Valid values are T for TCP and U for UDP.
        - Traffic Flow - The direction of the traffic flow. Valid values are I for inbound and O for outbound.
        - Traffic - Whether traffic was allowed or denied. Valid values are A for allowed and D for denied.

Log Format Example

Assume a log message as follows:

{"time":" t07:15: z","systemid":"cbdb1b39-ac ad8ec06761aebd13","category":"networksecuritygroupflowevent","resourceid":"/subscriptions/2ff1c8d5-ff42-4dcd-b7b1-0ffb52a31f33/resourcegroups/lt-vpn-RESGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/LT-NSG-DEFAULT","operationName":"NetworkSecurityGroupFlowEvents","properties":{"version":1,"flows":[{"rule":"userrule_pontusall","flows":[{"mac":"000d3a103552","flowtuples":[" ,xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy,123,123,U,O,A"," ,xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy,61377,53,U,O,A"," ,xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy,51258,443,t,o,a"]}]}]}}

This message is converted into the following multiple sub-logs:

Jan :19:50 cbdb1b39-ac ad8e-c06761aebd13 CEF:0 Microsoft Azure NSG 1 NetworkSecurityGroupFlowEvents NetworkSecurityGroupFlowEvents 5 category=networksecuritygroupflowevent src=xxx.xxx.xxx.xxx proto=udp devicedirection=outbound resourceid=/subscriptions/2ff1c8d5-ff42-4dcd-b7b1-0ffb52a31f33/resourcegroups/lt-vpn-RESGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/LT-NSG-DEFAULT operationname=networksecuritygroupflowevents rulename=userrule_pontusall timestamp= macaddr=000d3a version=1 systemid=cbdb1b39-ac ad8ec06761aebd13 eventtime= t07:15: z dpt=123 action=allowed spt=123 dst=yyy.yyy.yyy.yyy

Jan :19:50 cbdb1b39-ac ad8e-c06761aebd13 CEF:0 Microsoft Azure NSG 1 NetworkSecurityGroupFlowEvents NetworkSecurityGroupFlowEvents 5 category=networksecuritygroupflowevent src=xxx.xxx.xxx.xxx proto=udp devicedirection=outbound resourceid=/subscriptions/2ff1c8d5-ff42-4dcd-b7b1-0ffb52a31f33/resourcegroups/lt-vpn-RESGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/LT-NSG-DEFAULT operationname=networksecuritygroupflowevents rulename=userrule_pontusall timestamp= macaddr=000d3a version=1 systemid=cbdb1b39-ac ad8ec06761aebd13 eventtime= t07:15: z dpt=53 action=allowed spt=61377 dst=yyy.yyy.yyy.yyy

Jan :19:50 cbdb1b39-ac ad8e-c06761aebd13 CEF:0 Microsoft Azure NSG 1 NetworkSecurityGroupFlowEvents NetworkSecurityGroupFlowEvents 5 category=networksecuritygroupflowevent src=xxx.xxx.xxx.xxx proto=tcp devicedirection=outbound resourceid=/subscriptions/2ff1c8d5-ff42-4dcd-b7b1-0ffb52a31f33/resourcegroups/lt-vpn-RESGROUP/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/LT-NSG-DEFAULT operationname=networksecuritygroupflowevents rulename=userrule_pontusall timestamp= macaddr=000d3a version=1 systemid=cbdb1b39-ac ad8ec06761aebd13 eventtime= t07:15: z dpt=443 action=allowed spt=51258 dst=yyy.yyy.yyy.yyy

See network-watcher-nsg-flow-logging-overview for more details.
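
The expansion of one flow log record into per-flow events, as described above, can be sketched as follows. This is an added example, not code from the guide or from the msazurensg plugin; the sample record, its addresses and the function names are constructed for illustration, and JSON keys are matched case-insensitively as an assumption.

```python
import ipaddress
from datetime import datetime, timezone

# Single-letter codes from the guide's flow tuple description.
PROTO = {"T": "tcp", "U": "udp"}
DIRECTION = {"I": "inbound", "O": "outbound"}
ACTION = {"A": "allowed", "D": "denied"}


class TupleError(ValueError):
    """A flow tuple that does not match the 8-field layout in the guide."""


def parse_tuple(raw):
    """Turn one comma-separated flow tuple into named, validated fields."""
    parts = [p.strip() for p in raw.split(",")]
    if len(parts) != 8:
        raise TupleError(f"expected 8 fields, got {len(parts)}: {raw!r}")
    ts, src, dst, spt, dpt, proto, direction, action = parts
    try:
        when = datetime.fromtimestamp(int(ts), tz=timezone.utc)
        src, dst = str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))
        spt, dpt = int(spt), int(dpt)
    except (ValueError, OverflowError, OSError) as exc:
        raise TupleError(f"bad timestamp, address or port in {raw!r}") from exc
    if not (0 <= spt <= 65535 and 0 <= dpt <= 65535):
        raise TupleError(f"port out of range in {raw!r}")
    try:
        return {
            "timestamp": when.isoformat(),
            "src": src, "dst": dst, "spt": spt, "dpt": dpt,
            "proto": PROTO[proto.upper()],
            "devicedirection": DIRECTION[direction.upper()],
            "action": ACTION[action.upper()],
        }
    except KeyError as exc:
        raise TupleError(f"unknown code {exc} in {raw!r}") from exc


def lower_keys(obj):
    """Lower-case every dict key so 'flowTuples' and 'flowtuples' both match."""
    if isinstance(obj, dict):
        return {k.lower(): lower_keys(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [lower_keys(v) for v in obj]
    return obj


def expand_record(record):
    """Return (events, errors): one event per valid tuple, one message per bad one."""
    rec = lower_keys(record)
    props = rec.get("properties", {})
    common = {
        "category": rec.get("category"),
        "operationname": rec.get("operationname"),
        "resourceid": rec.get("resourceid"),
        "systemid": rec.get("systemid"),
        "eventtime": rec.get("time"),
        "version": props.get("version"),
    }
    events, errors = [], []
    for rule in props.get("flows", []):          # one entry per NSG rule
        for nic in rule.get("flows", []):        # one entry per NIC (MAC)
            for raw in nic.get("flowtuples", []):
                try:
                    flow = parse_tuple(raw)
                except TupleError as exc:
                    errors.append(str(exc))      # keep going; report bad tuples
                    continue
                events.append({**common, "rulename": rule.get("rule"),
                               "macaddr": nic.get("mac"), **flow})
    return events, errors


def denied_inbound(events):
    """Flows an analyst usually reviews first: inbound traffic the NSG denied."""
    return [e for e in events
            if e["devicedirection"] == "inbound" and e["action"] == "denied"]


# Constructed sample record (documentation addresses, placeholder IDs).
SAMPLE_RECORD = {
    "time": "2018-01-15T07:19:50Z",
    "systemId": "00000000-0000-0000-0000-000000000000",
    "category": "NetworkSecurityGroupFlowEvent",
    "resourceId": "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/EXAMPLE-RG/PROVIDERS"
                  "/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/EXAMPLE-NSG",
    "operationName": "NetworkSecurityGroupFlowEvents",
    "properties": {"Version": 1, "flows": [{
        "rule": "UserRule_example",
        "flows": [{"mac": "000D3AFFFFFF", "flowTuples": [
            "1516000500,192.0.2.10,198.51.100.5,61377,53,U,O,A",
            "1516000501,203.0.113.7,192.0.2.10,40000,3389,T,I,D",
            "1516000502,192.0.2.10,198.51.100.5,51258,443,t,o,a",
            "1516000503,192.0.2.10,198.51.100.5,70000,53,U,O,A",  # bad port
            "garbage,1,2",                                        # truncated
        ]}],
    }]},
}

if __name__ == "__main__":
    events, errors = expand_record(SAMPLE_RECORD)
    for event in events:
        print(" ".join(f"{k}={v}" for k, v in event.items()))
    print("rejected tuples:", errors)
```

Tuples with masked addresses, such as the xxx.xxx.xxx.xxx values in the guide's sample, fail address validation and are returned in the error list rather than as events.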

Configure NSG Flow Logs in Azure

1. Log into the Azure portal at
2. Go to Subscriptions, and then select the subscription for which you want to enable flow logs.
3. On the Subscription blade, select Resource Providers.
4. Look at the list of providers, and verify that the microsoft.insights provider is registered. If not, then select Register.
5. Go to Network Watcher > NSG Flow logs.
6. Select the Network Security Group and Resource group to enable logs.
7. Specify the storage account and duration for log retention.
8. Make sure to set the public access level to Private for the insights-logs-networksecuritygroupflowevent container to block public anonymous access.

See network-watcher-nsg-flow-logging-portal for more details.

Create SAS Token with Access Policy

Note: This section provides example PowerShell steps for creating an SAS token. Any other method can also be used.

These commands create an SAS token with an access policy having the following properties:
- Validity = 1 year
- Protocol = https only
- Permissions = list and read on the insights-logs-networksecuritygroupflowevent container

# Sign in and build a storage context from the account key
PS > Login-AzureRmAccount
PS > $accountkeys = Get-AzureRmStorageAccountKey -ResourceGroupName "Pontus-VPN-ResGroup" -Name "pontusvpnresgroup167"
PS > $storagecontext = New-AzureStorageContext -StorageAccountName "pontusvpnresgroup167" -StorageAccountKey $accountkeys.value[0]
# Stored access policy: read + list (rl), valid for one year
PS > $policyname = "testpolicy2"
PS > $starttime = $(Get-Date).ToUniversalTime().AddMinutes(-5)
PS > $expirytime = $(Get-Date).ToUniversalTime().AddYears(1)
PS > New-AzureStorageContainerStoredAccessPolicy -Container "insights-logs-networksecuritygroupflowevent" -Policy $policyname -Permission rl -StartTime $starttime -ExpiryTime $expirytime -Context $storagecontext
# Issue an HTTPS-only SAS token bound to that policy
PS > New-AzureStorageContainerSASToken -name 'insights-logs-networksecuritygroupflowevent' -Protocol HttpsOnly -Policy $policyname -Context $storagecontext
?sv= &sr=c&si=testpolicy2&sig=cqwvu74sv50ji5sxqcmedvwt1u3huezbon1ZuRsaxnU%3D&spr=https

The string returned by the last command, beginning with ?sv=, is the SAS token you need to provide when you instantiate the plugin.

See storage-dotnet-shared-access-signature-part-1 for more details.
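
Before pasting a token into the collector, it can be checked against the three properties listed above (one-year validity, https only, list and read on the container). The following is an added example, not part of the guide or of any RSA or Microsoft tooling; the tokens, policy name and function names are constructed, and the query parameter meanings (sr, si, sp, se, spr, sig) are the standard service SAS fields.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

ALLOWED_PERMISSIONS = set("rl")      # read + list, as in the guide
MAX_VALIDITY = timedelta(days=366)   # the guide's one-year validity


def _parse_time(value):
    """Parse a SAS ISO 8601 UTC time; date-only values mean midnight UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas_token(token, now=None):
    """Return findings for a container SAS token; [] means nothing to flag."""
    now = now or datetime.now(timezone.utc)
    query = parse_qs(token.lstrip("?"), keep_blank_values=True)
    params = {k: v[0] for k, v in query.items()}
    findings = []
    if params.get("spr") != "https":
        findings.append("spr is not 'https': token is accepted over plain HTTP")
    if params.get("sr") != "c":
        findings.append("sr is not 'c': token is not scoped to a container")
    if not params.get("sig"):
        findings.append("sig is missing: not a usable SAS token")
    if not params.get("si"):
        findings.append("si is missing: ad hoc token, cannot be revoked "
                        "by deleting a stored access policy")
    # With si set, permissions and expiry normally live in the stored policy
    # and are not visible here; check whatever the token itself carries.
    extra = set(params.get("sp", "")) - ALLOWED_PERMISSIONS
    if extra:
        findings.append("sp grants more than read/list: " + "".join(sorted(extra)))
    if "se" in params:
        try:
            if _parse_time(params["se"]) - now > MAX_VALIDITY:
                findings.append("se is more than one year away")
        except ValueError:
            findings.append("se is not a valid ISO 8601 time")
    elif not params.get("si"):
        findings.append("se is missing and no stored access policy supplies one")
    return findings


# Constructed tokens; the signatures are placeholders, not real values.
POLICY_BOUND = "?sv=2017-04-17&sr=c&si=examplepolicy&sig=CONSTRUCTED%3D&spr=https"
AD_HOC_WIDE = ("?sv=2017-04-17&sr=c&sp=rwdl&se=2030-01-01T00:00:00Z"
               "&sig=CONSTRUCTED%3D&spr=https,http")

if __name__ == "__main__":
    when = datetime(2018, 2, 26, tzinfo=timezone.utc)
    for name, tok in (("policy-bound", POLICY_BOUND), ("ad hoc", AD_HOC_WIDE)):
        print(name, audit_sas_token(tok, now=when) or "ok")
```

For a policy-bound token the permissions and expiry still have to be confirmed on the container's stored access policy itself, since the token only carries the policy name.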

Set Up Microsoft Azure NSG Event Source in RSA NetWitness

In RSA NetWitness Suite, perform the following tasks:
1. Deploy msazurensg package and CEF parser from Live
2. Configure the event source

Deploy the Azure NSG Files from Live

Azure NSG requires resources available in Live in order to collect logs.

To deploy the Azure NSG content from Live:
1. In the RSA NetWitness Suite menu, select Live.
2. Browse Live for the Common Event Format (cef) parser, using RSA Log Device as the Resource Type.
3. Select the cef parser from the list and click Deploy to deploy it to the appropriate Log Decoders.
4. You also need to deploy the Azure NSG package. Browse Live for Azure NSG content, typing "Azure NSG" into the Keywords text box, then click Search.
5. Select the item returned from the search and click Deploy to deploy to the appropriate Log Collectors.
   Note: On a hybrid installation, you need to deploy the package on both the VLC and the LC.
6. Restart the nwlogcollector service.

For more details, see the Add or Update Supported Event Source Log Parsers topic, or the Live Resource Guide on RSA Link.

Configure the Azure NSG Event Source

This section contains details on setting up the event source in RSA NetWitness Suite. In addition to the procedure, the Azure NSG Collection Configuration Parameters are described, as well as how to collect Azure NSG Flow Events in NetWitness Suite.

To configure the Microsoft Azure NSG Event Source:
1. In the RSA NetWitness Suite menu, select Administration > Services.
2. In the Services grid, select a Log Collector service, and from the Actions menu, choose View > Config.
3. In the Event Sources tab, select Plugins/Config from the drop-down menu. The Event Categories panel displays the File event sources that are configured, if any.
4. In the Event Categories panel toolbar, click +. The Available Event Source Types dialog is displayed.
5. Select msazurensg from the list, and click OK. The newly added event source type is displayed in the Event Categories panel.
6. Select the new type in the Event Categories panel and click + in the Sources panel toolbar. The Add Source dialog is displayed.
7. Define parameter values, as described in Microsoft Azure NSG Collection Configuration Parameters.
8. Click Test Connection. The result of the test is displayed in the dialog box. If the test is unsuccessful, edit the device or service information and retry.
   Note: The Log Collector takes approximately 60 seconds to return the test results. If it exceeds the time limit, the test times out and RSA NetWitness Suite displays an error message.
9. If the test is successful, click OK. The new event source is displayed in the Sources panel.

Note: The API calls to the storage account are charged, as described here: Increasing the Polling Interval time will help in reducing the number of API calls made.

Microsoft Azure NSG Collection Configuration Parameters

The following table describes the configuration parameters for the Microsoft Azure NSG integration with RSA NetWitness Suite. Fields marked with an asterisk (*) are required.

Note: When run from behind an SSL proxy, if certificate verification needs to be disabled, uncheck the SSL Enable checkbox in the Advanced section.

| Name | Description |
|---|---|
| Name * | Enter an alpha-numeric, descriptive name for the source. |
| Storage Account Name * | Name of the storage account used to store NSG flow logs. |
| SAS Token * | SAS token created, as described in the Create SAS Token with Access Policy section. |
| Subscription ID * | Subscription for which the NSG Flow logs were enabled. |
| Resource Group Name * | Name of the resource group to which the NSG belongs. |
| NSG Name * | Network Security Group name. |
| In Hours | Specifies whether Start From represents number of hours or days. Selected (default): if selected, Start From represents number of hours. Cleared: if not checked, indicates Start From represents number of days. |
| Start From * | Specifies the number of hours or days (see the In Hours parameter above) prior to the current time, from which log collection should start. |
| Use Proxy | Select to enable a proxy. |
| Proxy Server | If you are using a proxy, enter the proxy server address. |
| Proxy Port | Enter the proxy port. |
| Proxy User | Username for the proxy (leave empty if using anonymous proxy). |
| Proxy Password | Password for the proxy (leave empty if using anonymous proxy). |
| Source Address | Input the IP address that needs to appear as the device.ip. |

Copyright 2018 Dell Inc. or its subsidiaries. All Rights Reserved.

Trademarks

For a list of RSA trademarks, go to
RSA NetWitness Logs Event Source Log Configuration Guide Citrix XenApp Last Modified: Thursday, October 5, 2017 Event Source Product Information: Vendor: Citrix Event Source: XenApp Versions: 5 (for Windows
More informationHow to Configure Azure Route Tables (UDR) using Azure Portal and ARM
How to Configure Azure Route Tables (UDR) using Azure Portal and ARM Azure Route Tables, or User Defined Routing, allow you to create network routes so that your F-Series Firewall VM can handle the traffic
More informationRSA NetWitness Logs. Microsoft Exchange Server. Event Source Log Configuration Guide. Last Modified: Thursday, November 2, 2017
RSA NetWitness Logs Event Source Log Configuration Guide Microsoft Exchange Server Last Modified: Thursday, November 2, 2017 Event Source Product Information: Vendor: Microsoft Event Source: Exchange Server
More informationSophos Mobile as a Service
startup guide Product Version: 8 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses...5 Check your licenses...6
More informationUsing ANM With Virtual Data Centers
APPENDIXB Date: 3/8/10 This appendix describes how to integrate ANM with VMware vcenter Server, which is a third-party product for creating and managing virtual data centers. Using VMware vsphere Client,
More informationRSA NetWitness Logs. EMC Symmetrix Solutions Enabler. Event Source Log Configuration Guide. Last Modified: Friday, April 21, 2017
RSA NetWitness Logs Event Source Log Configuration Guide EMC Symmetrix Solutions Enabler Last Modified: Friday, April 21, 2017 Event Source Product Information: Vendor: EMC Event Source: Symmetrix Solutions
More informationSophos Mobile SaaS startup guide. Product version: 7.1
Sophos Mobile SaaS startup guide Product version: 7.1 Contents 1 About this guide...4 2 What are the key steps?...5 3 Change your password...6 4 Change your login name...7 5 Activate SMC Advanced licenses...8
More informationRSA NetWitness Logs. F5 Big-IP Local Traffic Manager. Event Source Log Configuration Guide. Last Modified: Friday, May 12, 2017
RSA NetWitness Logs Event Source Log Configuration Guide F5 Big-IP Local Traffic Manager Last Modified: Friday, May 12, 2017 Event Source Product Information: Vendor: F5 Event Source: Big-IP Local Traffic
More informationCA Service Desk Integration with Remote Support
CA Service Desk Integration with Remote Support 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks are the
More informationMicrosoft Dynamics CRM Integration with Bomgar Remote Support
Microsoft Dynamics CRM Integration with Bomgar Remote Support 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown
More informationReal-Time Dashboard Integration Bomgar Remote Support
Real-Time Dashboard Integration Bomgar Remote Support 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationMicrosoft Cloud Workshop
Microsoft Cloud Workshop Hands-on lab step-by-step October 2017 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationMicrosoft Dynamics CRM Integration with Remote Support
Microsoft Dynamics CRM Integration with Remote Support 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationRSA NetWitness Logs. McAfee Network Security Platform. Event Source Log Configuration Guide. Last Modified: Thursday, March 8, 2018
RSA NetWitness Logs Event Source Log Configuration Guide McAfee Network Security Platform Last Modified: Thursday, March 8, 2018 Event Source Product Information: Vendor: McAfee Event Source: Network Security
More informationRSA NetWitness Logs. Citrix XenMobile EMM Suite Last Modified: Wednesday, January 25, Event Source Log Configuration Guide
RSA NetWitness Logs Event Source Log Configuration Guide Citrix XenMobile EMM Suite Last Modified: Wednesday, January 25, 2017 Event Source Product Information: Vendor: Citrix Event Source: Xenmobile Server
More informationForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0
ForeScout CounterACT Network Module: Centralized Network Controller Plugin Version 1.0 Table of Contents About the Centralized Network Controller Integration... 4 About This Plugin... 4 How It Works...
More informationBest Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate
White Paper PlateSpin Transformation Manager PlateSpin Migrate Best Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate Updated for PlateSpin Transformation Manager 1.1 and PlateSpin
More informationRSA NetWitness Logs. MySQL Enterprise. Event Source Log Configuration Guide. Last Modified: Wednesday, November 15, 2017
RSA NetWitness Logs Event Source Log Configuration Guide MySQL Enterprise Last Modified: Wednesday, November 15, 2017 Event Source Product Information: Vendor: MySQL Event Source: MySQL Enterprise Versions:
More informationRSA NetWitness Logs. IBM AIX Last Modified: Thursday, November 2, Event Source Log Configuration Guide
RSA NetWitness Logs Event Source Log Configuration Guide IBM AIX Last Modified: Thursday, November 2, 2017 Event Source Product Information: Vendor: IBM Event Source: AIX Versions: 5L (Security and Authentication
More informationMarkLogic Server. MarkLogic Server on Microsoft Azure Guide. MarkLogic 9 January, 2018
MarkLogic Server on Microsoft Azure Guide 1 MarkLogic 9 January, 2018 Last Revised: 9.0-4, January, 2018 2018 MarkLogic Corporation. MarkLogic and the MarkLogic logo are trademarks or registered trademarks
More informationDocker on Windows Server 2016
Docker on Windows Server 2016 Friday, August 4, 2017 2:26 PM Install and configure Docker, along with deploying and managing Windows-based containers, on a Windows Server 2016 server. This is a short workshop
More informationVendor: Microsoft. Exam Code: Exam Name: Developing Microsoft Azure Solutions. Version: Demo
Vendor: Microsoft Exam Code: 70-532 Exam Name: Developing Microsoft Azure Solutions Version: Demo DEMO QUESTION 1 You need to configure storage for the solution. What should you do? To answer, drag the
More informationMicrosoft Cloud Workshops. Enterprise-Ready Cloud Hackathon Leader Guide
Microsoft Cloud Workshops Enterprise-Ready Cloud Hackathon Leader Guide August 2017 2017 Microsoft Corporation. All rights reserved. This document is confidential and proprietary to Microsoft. Internal
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationRSA NetWitness Logs. Microsoft Windows. Event Source Log Configuration Guide. Last Modified: Thursday, October 5, 2017
RSA NetWitness Logs Event Source Log Configuration Guide Microsoft Windows Last Modified: Thursday, October 5, 2017 Event Source Product Information: Vendor: Microsoft Event Source: Windows Versions: SNARE
More informationJIRA Integration Guide
JIRA Integration Guide 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective
More informationInstallation Guide Revision B. McAfee Cloud Workload Security 5.0.0
Installation Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,
More informationACE Live on RSP: Installation Instructions
ACE Live on RSP ACE Live on RSP: Installation Instructions These installation instructions apply to OPNET ACE Live on RSP Release 7.1.3. You can find the latest version of this document at the OPNET Support
More informationRSA NetWitness Logs. Sybase Adaptive Server Enterprise. Event Source Log Configuration Guide. Last Modified: Wednesday, November 29, 2017
RSA NetWitness Logs Event Source Log Configuration Guide Sybase Adaptive Server Enterprise Last Modified: Wednesday, November 29, 2017 Event Source Product Information: Vendor: Sybase Event Source: Sybase
More informationActiveTrust Cloud Threats API
QUICK START GUIDE ActiveTrust Cloud Threats API March 2018 2018 Infoblox Inc. All rights reserved. ActiveTrust Cloud Threats API Quick Start Guide March 2018 Page 1 of 19 Contents Overview... 3 Prerequisites...
More information<Partner Name> RSA NETWITNESS Security Operations Implementation Guide. Swimlane 2.x. <Partner Product>
RSA NETWITNESS Security Operations Implementation Guide Jeffrey Carlson, RSA Partner Engineering Last Modified: 05/01/2017 Solution Summary The RSA NetWitness integration
More informationSilver Peak EC-V and Microsoft Azure Deployment Guide
Silver Peak EC-V and Microsoft Azure Deployment Guide How to deploy an EC-V in Microsoft Azure 201422-001 Rev. A September 2018 2 Table of Contents Table of Contents 3 Copyright and Trademarks 5 Support
More informationSophos Mobile in Central
startup guide Product Version: 8.1 Contents About this guide... 1 What are the key steps?... 2 Activate Mobile Advanced licenses... 3 Configure settings... 4 Configure personal settings...4 Configure technical
More informationRSA NetWitness Logs. IBM Domino. Event Source Log Configuration Guide. Last Modified: Thursday, October 19, 2017
RSA NetWitness Logs Event Source Log Configuration Guide IBM Domino Last Modified: Thursday, October 19, 2017 Event Source Product Information: Vendor: IBM (Lotus) Event Source: Lotus Domino Versions:
More information